HTTP: Script in CHANNEL Tag

This signature detects attempts to exploit the cross-domain vulnerability in Microsoft Internet Explorer. Attackers can create a malicious Web page that, when viewed by a user subscribed to an MSN channel, enables them to obtain information, remotely execute arbitrary code, or take complete control of the target system.

Extended Description

A vulnerability has been reported in Microsoft Internet Explorer that could enable unauthorized access by malicious scripts and Active Content to document properties across different Security Zones and foreign domains. This issue is exposed when a remote site uses the 'AddChannel' method to add a channel. Exploitation of this issue could allow various attacks, such as cookie-theft from an arbitrary domain. Other issues may also facilitate execution of arbitrary code on a vulnerable client system by causing malicious content to be stored on the victim system and then referenced.

Affected Products

Nortel_networks symposium_web_client

Short Name
HTTP:STC:IE:CHAN-SCRIPT
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CHANNEL CVE-2005-0056 Script Tag bid:12427 in
Release Date
02/08/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Nortel_networks

Microsoft

CVSS Score

5.1

Found a potential security threat?